共查询到18条相似文献,搜索用时 390 毫秒
1.
2.
3.
SSL中分级加密的实现 总被引:1,自引:0,他引:1
SSL协议广泛用来保护Web通信的安全,但高强度的加密操作会大大降低SSL连接的速度,严重影响服务器的性能。提出一种即时更改SSL连接加密级别的方法,为不同的资源提供不同级别的安全保护,实现加密的灵活性,从而大大增强服务器的性能。 相似文献
4.
本文首先介绍了SSL协议的组成与结构,分析了SSL协议的具体握手过程,讨论了几种常见的SSL协议应用模式。然后通过某个应用为例,介绍了Web服务器证书的安装与建立SSL安全通道的具体步骤。最后,指出了SSL协议的一些缺点和局限性。 相似文献
5.
为了满足当前工业控制和家用电器远程测控的要求,通过比较常用的嵌入式服务器技术并分析了嵌入式服务器的实现原理,设计了一种全新的Web服务器.详细介绍了这种基于ARMLinux嵌入式Web服务器的设计方案,阐述了系统的软硬件设计.针对嵌入式服务器的实际和应用场合,提出了HTTP协议与动态链接库相结合的解决方案.该Web服务器支持动态链接库,代码小、实时性好.测试结果表明方案可行、实用. 相似文献
6.
嵌入式Web服务器软件的设计和实现 总被引:9,自引:3,他引:9
针对当前嵌入式Internet技术已成为嵌入式系统发展的新技术热点的情况,讨论了嵌入式设备接入Internet的方法,论述了实现嵌入式Web服务器的关键技术——HTTP协议和通用网关接口CGI,阐述了嵌入式Web服务器的特点及其设计思想,最后提出并在VxWorks实时操作系统环境下实现了的一种嵌入式Web服务器的方案,并给出了该嵌入式Web服务器的数据处理流程以及其主要模块和功能说明。 相似文献
7.
8.
9.
利用SSL对IP数据包进行加密 总被引:1,自引:0,他引:1
网络应用的不断增加,使得安全问题变得更加突出,对数据包进行加密是必然的选择。SSL作为应用层和传输层之间的安全子层,能对网络应用程序之间整个会话过程进行加密。在线银行和其他金融系统也常常构建在SSL之上,同时大部分Web浏览器和Web服务器都内置了SSL协议。 相似文献
10.
11.
Jin-Ha Kim Gyu Sang Choi Das C.R. 《Parallel and Distributed Systems, IEEE Transactions on》2007,18(7):946-957
State-of-the-art cluster-based data centers consisting of three tiers (Web server, application server, and database server) are being used to host complex Web services such as e-commerce applications. The application server handles dynamic and sensitive Web contents that need protection from eavesdropping, tampering, and forgery. Although the secure sockets layer (SSL) is the most popular protocol to provide a secure channel between a client and a cluster-based network server, its high overhead degrades the server performance considerably and, thus, affects the server scalability. Therefore, improving the performance of SSL-enabled network servers is critical for designing scalable and high-performance data centers. In this paper, we examine the impact of SSL offering and SSL-session-aware distribution in cluster-based network servers. We propose a back-end forwarding scheme, called ssl_with_bf, that employs a low-overhead user-level communication mechanism like virtual interface architecture (VIA) to achieve a good load balance among server nodes. We compare three distribution models for network servers, round robin (RR), ssl_with_session, and ssl_with_bf, through simulation. The experimental results with 16-node and 32-node cluster configurations show that, although the session reuse of ssl_with_session is critical to improve the performance of application servers, the proposed back-end forwarding scheme can further enhance the performance due to better load balancing. The ssl_with_bf scheme can minimize the average latency by about 40 percent and improve throughput across a variety of workloads. 相似文献
12.
安全反向代理服务器架设在真实网页服务器与用户浏览器之间靠近真实服务器的一侧,通过传输层安全协议保障用户与真实服务器之间的通信.作为基于传输层安全协议的虚拟专用网服务器的一个最重要的组成部分,安全反向代理有着极大的商业价值和技术含量.在FreeBSD-6.3的基础上设计并实现了一个与传统TCP/IP并行的TCP/IP跳转表.基于TCP/IP跳转表设计并实现了一种多加速卡调度算法.设计并实现了直接从加速卡队列获取数据包的代理转发协议栈.设计并实现了基于后台真实服务器反馈的负载均衡算法.测试表明,由这些算法和协议栈组成的高速安全反向代理服务器新进连接数达到了国内领先水平. 相似文献
13.
《IT Professional》2002,4(5):37-41
By defining a protocol that supplies Web clients and servers with cryptographic parameters, the Secure Sockets Layer protocol enables the safe exchange of sensitive data, a crucial aspect of any e-business. The protocol's sticking point is that encrypting and decrypting data requires a tremendous amount of CPU processing power. The burden is especially apparent on the server side, because multiple Web clients often connect to a single Web server. For e-commerce transactions, it's important to implement SSL in a way that doesn't overburden your Web server's CPU and slow down the entire operation. Although the original Web servers that supported SSL did so exclusively in software, SSL adapter cards soon became available to help off-load the server's CPU load and increase performance. Today, content switches with SSL accelerators can encrypt and decrypt data at the network edge, eliminating the need for a Web server's CPU to perform any SSL-related calculations. The article focuses on the relative merits of these newer implementations. A look at the original software-only approach and its drawbacks clarify the reasons that hardware acceleration for SSL became necessary. 相似文献
14.
使用LDAP在Web中实现基于角色的访问控制 总被引:2,自引:0,他引:2
当前多数Web服务器采用的基于用户身份的访问控制方法不能适应大型企业的安全需求。而另一方面,RBAC已成为一种公认的方便而有效的访问控制策略。为将它应用到Web当中,可以利用LDAP面向目录的特性,将LDAP目录服务器当作角色服务器使用。用户或Web服务器在一种安全模式下(在SSL上)得到角色服务器中用户的角色信息,从而实施相关的RBAC策略以达到访问控制的目的。文中给出这两种运行方式的框架并分析其利弊。 相似文献
15.
SSL VPN中Web转发功能模块的设计与实现 总被引:1,自引:0,他引:1
SSLVPN需要能代理远程客户端访问内部网络上的服务器.在内部网络中最常见的服务器是Web Server.SSL VPN代理外部网络上的主机访问内部网络上Web Server称为Web转发,介绍Web转发功能模块的设计与实现. 相似文献
16.
基于认证协议的Web单点登录优化设计 总被引:2,自引:0,他引:2
针对Kerberos认证协议Web环境中进行单点登录存在的安全隐患,基于Schnorr协议的挑战/响应方式,结合Secure Cookies、HttpSession解决Web环境下HTTP协议的无状态性及服务器间的安全会话。实验结果表明,该方案性能稳健,响应速度快,防攻击力强,具有良好的实用价值和应用前景。 相似文献
17.
In the current circumstance, e-commerce through an online banking system plays a significant role. Customers may either buy goods from E-Commerce websites or use online banking to move money to other accounts. When a user participates in these types of behaviors, their sensitive information is sent to an untrustworthy network. As a consequence, when transmitting data from an internal browser to an external E-commerce web server using the cryptographic protocol SSL/TLS, the E-commerce web server ensures the security of the user’s data. The user should be pleased with the confidentiality, authentication, and authenticity properties of the SSL/TLS on both the user’s web browser and the remote E-commerce web server. E-Commerce web servers should choose the best SSL/TLS cipher suites for negotiating the user in order to attain such optimistic scenarios, as the cipher suite used in SSL/TLS plays an important role in securing E-Commerce web servers. The paper primarily focuses on analyzing the SSL/TLS cipher and elliptic curves. The paper also recommends the best elliptic curve cipher suites for E-Commerce and online banking servers, based on their power consumption, handshake execution time, and key exchange and signature verification time. 相似文献
18.
介绍SSL安全协议的组成部分以及实现原理,分析SSL的握手过程,并对其安全性进行分析。使用ApacheWeb服务器和开源软件OpenSSL在Linux环境下为通信双方建立证书、协商密钥,实现安全通信。 相似文献